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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER. FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period v/ill apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even If timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication{s) filed on 27 April 2007 . 
2a)S This action is FINAL. 2b)n This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits js 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1-11 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim{s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examjner. 

10) 13 The drawing(s) filed on 12 July 2004 is/are: a)S accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) Is objected to. See 37 CFR 1.121(d). 

1 1) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) 13 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)IEI All b)n Some * c)n None of: 

1 Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1 ) K Notice of References Cited (PTO-892) 4) □ Inten^lew Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/IVIail Date. . 

3) □ Infomiation Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20070629 



Application/Control Number: 10/501,302 Page 2 

Art Unit: 2131 

DETAILED ACTION 

(f 

1 . Claims 1-11 have been examined. 



Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C, 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-8 are rejected under 35 U.S.C. 102(e) as being clearly anticipated by Lineman 
et al. U.S. Pat. No. 20030065942 (hereinafter Lineman). 

4. As per claim 1 , Lineman discloses a computer system for providing security awareness in 
an organization, comprising: a memory means, constituted by a hard disk or Random Access 
Memory device, a central processor unit connected to said memory means, an input device, 
constituted by a mouse or keyboard device, connected to said central processor unit, for the input 
of a piece of security information into said computer system (Lineman: [0032]: creating security 
policy document), an output device, constituted by a printer or display device, connected to said 
central processor unit for the output of security information (Lineman: figure 4A and 4B), a 
policy module communicating with said input device and said memory means for the conversion 
of said piece of security information into an information security object, said information 
security object stored in said memory means (Lineman: [0033]: create a security policy and 
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represent the policy information in machine readable and human readable forms), and a survey 
module communicating with said memory means and said output means for generating from said 
information security object an element of a questionnary to be output by means of said output 
device (Lineman: [0036]: quiz associated with security policy document and figure 2). 

5. As per claim 2, Lineman discloses the computer system according to claim 1 . Lineman 
further discloses the system comprising an educational module communicating with said 
memory means for receiving through said input device a set of answers to said questionnary and 
for comparing said set of answers of said questionary with said information security objects for 
determining the correct and the incorrect answers, and generating, based on said incorrect 
answers, an educational program to be output by means of said output device (Lineman: [0075]: 
score the quizzes; [0082]: target the weakness that needs to be addressed). 

6. As per claim 3, Lineman discloses the computer system according to claim 2. Lineman 
further discloses said set of answers being stored in said memory means (Lineman: [0075]: 
determine the score). 

7. As per claim 4, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said memory means being organized as a database (Lineman: 
[0052]). 



% 
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8. As per claim 5, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said computer system constituting a stand alone computer or 
alternatively a computer system including a network and a plurality of PC's each including an 
input device and an output device to be operated by a respective user (Lineman: [0026]: 
enterprise network). 

9. As per claim 6, Lineman discloses the computer system according to any of the claims 1- 
3. Lineman further discloses said central processor unit controls in said conversion of said piece 
of said security information into said information security object, said policy module to check in 
said memory means the possible presence of a corresponding security information object 
(Lineman: figure 2 and [0032]). 

10. As per claim 7, Lineman discloses a method of providing security awareness in an 
organization, comprising receiving a piece of security information (Lineman: [0032] and figure 
2: receive user specified security policy information), modularizing said piece of security 
information to create an information security object (Lineman: [0034]: the security policy object 
is created to affect the entire network), storing said information security object in a memory 
means, said information security object being generated in a policy module (Lineman: [0032]), 
generating in a survey module an element of a questionnary from said information security 
object and output said questionnary including said element (Lineman: [0036]). 
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11. As per claim 8, Lineman discloses the method according to claim 7. Lineman ftirther 
discloses the method comprising the computer system according to any of the claims 1-3 
(Lineman: [0026] and [0031]). 

12. Claim 1 1 is rejected under 35 U.S.C. 102(e) as being anticipated by Townsend U.S. Pub. 
No. 20020188861 (hereinafter Townsend). 

13. As per claim 1 1, Townsend discloses a method of providing security awareness in an 
organization, comprising: receiving security information (Townsend: [0024]); modularizing the 
security information to create an information security object (Tovmsend: [0027]); assigning a 
security level value to said information security object; and compiling said information security 
object into a security policy including other information security objects having the same 
security level value (Townsend: [0027]). 



Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1 5. Claims 9 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lineman 



in view of Townsend. 
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16. As per claim 9, Lineman discloses a computer system for providing security awareness in 
an organization, comprising: a memory means coupled to a central processing unit; an input 
device coupled to said central processor unit for receiving security information into said 
computer system; and output device coupled to said central processor unit for outputting security 
information; and an information security object stored in said memory means, said information 
security object including modular content derived from said security information and having a 
unique identifier, said unique identifier used to link said information security object to an 
organization and the policy document is created according the security level of the organization 
specified by administrator (Lineman: [0032]-[0033]: the security policy is converted into 
machine readable and human readable forms and is modularized to affect the enterprise network; 
[0044] and [0055]: the administrator selects categories to tailor a policy document suitable for 
the organization and the policy includes identifier). Lineman does not explicitly disclose the 
policy information includes a security level indicating the level that matches a default security 
level of the organization. However, Townsend discloses creating a security model based on the 
security level of an organization and the security model includes a countermeasure and strength 
level (Townsend: [0010]). It would have been obvious to one having ordinary skill in the art at 
the time of applicant's invention to prompt the administrator to select the desired security 
protection and determine a security level of an organization, then creating a security object 
suitable for the organization based on the security level because both prior art are related to 
enterprise security awareness system. Therefore, it would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to combine the teachings of 
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Townsend within the system of Lineman because it provides reliable, repeatable, cost efficient, 
and consistent system for enterprise network (Townsend: [0009]). 

17. As per claim 10, Lineman as modified discloses the system of claim 9. Lineman as 
modified further discloses a survey module communicating with said memory means and said 
output means for generating from said information security object an element of a questionnary 
to be output by means of said output device (Lineman: [0036]: quiz associated with security 
policy document and figure 2). 

Response to Arguments 

18. Applicant's arguments filed on AllllQl have been fully considered but they are not 
persuasive. 

Regarding applicant's remarks, applicant argues that the prior art of record does not 
disclose conversion of said piece of security information into information security object. 
However, Lineman discloses the software allows the administrator to enter information/ select 
categories of information security and generate a policy document/security object that can be 
converted to machine codes to enforce network security and the examiner equates the term 
information security object with the policy document generated by the security server. Therefore, 
applicant's argument is respectfully traversed. 
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Conclusion 

19. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Shin-Hon Chen 

Examiner 
Art Unit 2131 
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